traffic-taffy 0.9.3__py3-none-any.whl → 0.9.5__py3-none-any.whl

traffic_taffy/__init__.py

@@ -1 +1 @@
-__VERSION__ = "0.9.3"
+__VERSION__ = "0.9.5"

traffic_taffy/algorithms/statistical.py

@@ -65,7 +65,7 @@ class ComparisonStatistical(ComparisonSlicesAlgorithm):
                     right_count = right_side[key][subkey]
                     left_percentage = 0.0
                     if right_side_total == 0:
-                        right_percentage = 100
+                        right_percentage = 1.0
                     else:
                         right_percentage = right_side[key][subkey] / right_side_total
                     new_right_count += 1  # this value wasn't in the left
@@ -81,12 +81,12 @@ class ComparisonStatistical(ComparisonSlicesAlgorithm):
                     )
 
             if right_side_total == 0:
-                right_percent = 100
+                right_percent = 1.0
             else:
                 right_percent = new_right_count / right_side_total
 
             if left_side_total == 0:
-                left_percent = 100
+                left_percent = 1.0
             else:
                 left_percent = new_left_count / left_side_total
 

traffic_taffy/dissector_engine/dpkt.py

@@ -2,12 +2,13 @@
 
 from __future__ import annotations
 
-from logging import debug
+from logging import debug, error
 from traffic_taffy.dissector_engine import DissectionEngine
 from traffic_taffy.dissection import Dissection, PCAPDissectorLevel
 from pcap_parallel import PCAPParallel
 
 import dpkt
+import socket
 
 
 class DissectionEngineDpkt(DissectionEngine):
@@ -20,6 +21,7 @@ class DissectionEngineDpkt(DissectionEngine):
     def __init__(self, *args: list, **kwargs: dict):
         """Create a dissection engine for quickly parsing and counting packets."""
         super().__init__(*args, **kwargs)
+        self.data_link_type = None
 
     def load_data(self) -> None:
         """Load the specified PCAP into memory."""
@@ -29,6 +31,9 @@ class DissectionEngineDpkt(DissectionEngine):
         else:
             # it's an open handle already
             pcap = dpkt.pcap.Reader(self.pcap_file)
+
+        self.data_link_type = pcap.datalink()
+
         if self.pcap_filter:
             pcap.setfilter(self.pcap_filter)
         pcap.dispatch(self.maximum_count, self.callback)
@@ -144,14 +149,34 @@ class DissectionEngineDpkt(DissectionEngine):
             level = level.value
 
         if level >= PCAPDissectorLevel.THROUGH_IP.value:
-            eth = dpkt.ethernet.Ethernet(packet)
-            # these names are designed to match scapy names
-            self.incr("Ethernet_dst", eth.dst)
-            self.incr("Ethernet_src", eth.src)
-            self.incr("Ethernet_type", eth.type)
-
-            if isinstance(eth.data, dpkt.ip.IP):
-                ip = eth.data
+            if self.data_link_type == 1:
+                # Ethernet based encapsulation
+                eth = dpkt.ethernet.Ethernet(packet)
+                # these names are designed to match scapy names
+                self.incr("Ethernet_dst", eth.dst)
+                self.incr("Ethernet_src", eth.src)
+                self.incr("Ethernet_type", eth.type)
+                data = eth.data
+            elif self.data_link_type == 101:
+                # Raw IP encapsulation
+                if packet[0] == 0x45:
+                    data = dpkt.ip.IP(packet)
+                elif packet[0] == 0x60:
+                    data = dpkt.ip6.IP6(packet)
+                else:
+                    error("Unknown IP version in data")
+                    raise ValueError("unknown IP version")
+            else:
+                error(f"unknown link type: {self.data_link_type}")
+                raise ValueError("unknown link type")
+
+            # TODO(hardaker): add ip6.IP6 support
+            next_layer = None
+            udp = None
+            tcp = None
+
+            if isinstance(data, dpkt.ip.IP):
+                ip = data
                 udp = None
                 tcp = None
 
@@ -177,8 +202,32 @@ class DissectionEngineDpkt(DissectionEngine):
                 self.incr(prefix + "version", ip.v)
                 self.incr(prefix + "ttl", ip.ttl)
 
-                if isinstance(ip.data, dpkt.udp.UDP):
-                    udp = ip.data
+                next_layer = ip.data
+
+            elif isinstance(data, dpkt.ip6.IP6):
+                ip6 = data
+
+                ipver = "IPv6"
+                prefix = f"Ethernet_{ipver}_"
+
+                # TODO(hardaker): make sure all these match scapy
+                socket.inet_ntop(
+                    socket.AF_INET6,
+                    b"\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01",
+                )
+
+                self.incr(prefix + "dst", socket.inet_ntop(socket.AF_INET6, ip6.dst))
+                self.incr(prefix + "src", socket.inet_ntop(socket.AF_INET6, ip6.src))
+                self.incr(prefix + "fl", ip6.flow)
+                self.incr(prefix + "hlim", ip6.hlim)
+                self.incr(prefix + "nh", ip6.nxt)
+                self.incr(prefix + "plen", ip6.plen)
+                self.incr(prefix + "tc", ip6.fc)
+                next_layer = ip6.data
+
+            if next_layer:
+                if isinstance(next_layer, dpkt.udp.UDP):
+                    udp = next_layer
                     self.incr(prefix + "UDP_sport", udp.sport)
                     self.incr(prefix + "UDP_dport", udp.dport)
                     self.incr(prefix + "UDP_len", udp.ulen)
@@ -186,8 +235,8 @@ class DissectionEngineDpkt(DissectionEngine):
 
                     # TODO(hardaker): handle DNS and others for level 3
 
-                elif isinstance(ip.data, dpkt.tcp.TCP):
-                    tcp = ip.data
+                elif isinstance(next_layer, dpkt.tcp.TCP):
+                    tcp = next_layer
                     self.incr(prefix + "TCP_sport", tcp.sport)
                     self.incr(prefix + "TCP_dport", tcp.dport)
                     self.incr(prefix + "TCP_seq", tcp.seq)

traffic_taffy/report.py

@@ -0,0 +1,12 @@
+from dataclasses import dataclass
+
+
+@dataclass
+class Report:
+    delta_percentage: float
+    delta_absolute: int
+    total: int
+    left_count: int
+    right_count: int
+    left_percentage: float
+    right_percentage: float

traffic_taffy/tests/test_dpkt_engine.py

@@ -0,0 +1,15 @@
+import os
+from traffic_taffy.dissection import PCAPDissectorLevel
+from traffic_taffy.dissector_engine.dpkt import DissectionEngineDpkt
+
+def test_dpkt_engine():
+    test_pcap = "dns.pcap"
+    test_pcap = "port53-2023-30-31_20.pcap"
+    test_pcap = "airplane-wireless.pcap"
+    if not os.path.exists(test_pcap):
+        return
+
+    engine = DissectionEngineDpkt(test_pcap,
+                                  dissector_level = PCAPDissectorLevel.COMMON_LAYERS)
+    dissection = engine.load()
+

{traffic_taffy-0.9.3.dist-info → traffic_taffy-0.9.5.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: traffic-taffy
-Version: 0.9.3
+Version: 0.9.5
 Summary: A tool for doing differential analysis of pcap files
 Project-URL: Homepage, https://traffic-taffy.github.io/
 Author-email: Wes Hardaker <opensource@hardakers.net>

{traffic_taffy-0.9.3.dist-info → traffic_taffy-0.9.5.dist-info}/RECORD

@@ -1,4 +1,4 @@
-traffic_taffy/__init__.py,sha256=QTKEpzY_ZMDccPfhHR5VeIEETRWrA3oohe60v8oSycU,22
+traffic_taffy/__init__.py,sha256=xEWNhlRR6R-6owCOTbPr3aDZBNjhXPEL8bZfHLBc-RI,22
 traffic_taffy/compare.py,sha256=g9rU6oa_2Wy0nUJ7K6TI8JTctyGCRvYEUakDBf7blOY,8644
 traffic_taffy/comparison.py,sha256=KJxOp4UqhfRkF4LI1PMDRIefeyTm2w5sbdr7VUTS4KM,1451
 traffic_taffy/config.py,sha256=DgTu2kA1Ec4Hbwl_44kTsdyJYvxAabgJk9a7aOH2XXU,4444
@@ -7,16 +7,17 @@ traffic_taffy/dissectmany.py,sha256=SWFXFyERNCi0j7hiMDEeJJdPYDpa0SOlSj1V8AqpXUA,
 traffic_taffy/dissector.py,sha256=M5MHVPwfeMHa6s4TG8ZiiNjk7qaht65wdqm0nmRHdQ8,15682
 traffic_taffy/graph.py,sha256=EfkxH5D9PNlDpvftkh9GyUusV05EV537QGB7JOMeW4w,4730
 traffic_taffy/graphdata.py,sha256=r_QNXO3FzC7Vx4123SdCliAh7j2NCQ4Lb5uoOJnlt2M,3376
+traffic_taffy/report.py,sha256=Yzb27hUWcWL-RxWpSQmRyM8NyWxQGT0l0jUCGHoYDSY,224
 traffic_taffy/taffy_config.py,sha256=AmdQbWAhoiV7aTNSpV1exJfd5eA0a3sYTIjikHkMPwY,1124
 traffic_taffy/algorithms/__init__.py,sha256=A7xI2ctotBT7WgG-6ItilXE_FIWF9QWc6UjdfGyThKw,737
 traffic_taffy/algorithms/comparecorrelation.py,sha256=gakZJotZNOVj96y4_-vtt_ka8pZLBVERf44Yixtq_yE,5875
 traffic_taffy/algorithms/comparecorrelationchanges.py,sha256=-ztWKpNN5lm_6e7hTSZytwzuK1RpMpfe1ksQgsb0_tk,7646
 traffic_taffy/algorithms/compareseries.py,sha256=cVonTV6TnMZAaHlGqZ6shn0aDQTTHzK-tPvUAk3OkuQ,4165
 traffic_taffy/algorithms/compareslices.py,sha256=aIDhISKi-m8uD65pBd3A2naoxYD9zeay6y7mAk4hXdg,4336
-traffic_taffy/algorithms/statistical.py,sha256=7ddz3nPaTbhCNpfNcWx2sLmnv3ZYnmvEc72M9cAOU-0,4281
+traffic_taffy/algorithms/statistical.py,sha256=0Hr62ZUZlFCNPUh6yVBRFjNho42cTGeX_GHtbq1sbak,4281
 traffic_taffy/dissector_engine/__init__.py,sha256=Hu-UQtz7yhivmQLUP5b8tFQLEhy2bfvrRV3Q4aZp6vg,2202
 traffic_taffy/dissector_engine/dnstap.py,sha256=rBzVlB0D3YVhHOsr17cbnCIZU13g20srgR4sE7ZfNUE,4810
-traffic_taffy/dissector_engine/dpkt.py,sha256=YgFceo_6cy1VN-ODIijSsOfH3w8OzHPbpUS463is3YI,10949
+traffic_taffy/dissector_engine/dpkt.py,sha256=q7cJz6WWpe9xUcEbAY_yn_cma_4loXuS3QKIVln6FHQ,12788
 traffic_taffy/dissector_engine/scapy.py,sha256=WrZUfV_viR2Tro0kM3QKUkufIcM3RyYaZ3ncA1yZsaU,4897
 traffic_taffy/hooks/__init__.py,sha256=Bvhl6RnyBqQkWuCU6TS0O_ZHe4qCQsC4HE8FELigWPw,661
 traffic_taffy/hooks/ip2asn.py,sha256=7UA52L6jej0RYBptzP9izO0yXMcqH7wcp2ocDRUN5dg,2216
@@ -34,6 +35,7 @@ traffic_taffy/reports/correlationreport.py,sha256=9PdL_53mxfO619PFSoeRsTEm63L1J_
 traffic_taffy/tests/test_compare_results.py,sha256=iLcS9wvEqxgKszIspLtD2Zw8Qk5JxOCurQwWYzhtOkM,2318
 traffic_taffy/tests/test_config.py,sha256=UCqSJXVwpFFchcIbyFzLqjVF-wgEV755KlQ7thommro,4284
 traffic_taffy/tests/test_dict_merge.py,sha256=t3rZSQQ0AlBxRKfLborx9SxYN53cCAQQzZ2w-__WT2Y,1429
+traffic_taffy/tests/test_dpkt_engine.py,sha256=512Wfq7D1qVkfhGwf1u2QSgZooWqZQWV9L4OhpAr4AE,489
 traffic_taffy/tests/test_global_config.py,sha256=kjr1wy1cXWagVLb0OnQYH0vz2htxLs944Xo42lNsir4,597
 traffic_taffy/tests/test_hooks.py,sha256=amjEbtMwOZZCg_RCJ0wQR7aOqNfwz3IG3WY-9CwjSF4,1260
 traffic_taffy/tests/test_normalize.py,sha256=sKHyiV8YXcKKcWqsbZP94nu_g5oEMJzzj6umeHxwa64,2638
@@ -49,8 +51,8 @@ traffic_taffy/tools/dissect.py,sha256=B-7e7aqEOWtJ-0P2Y-mzmrzoDqVrDCJ2JzGR45Qtuu
 traffic_taffy/tools/explore.py,sha256=gUcOfAgangJJI1si1gLPUoWRUKmWUAXSP0oTD2JJygw,24149
 traffic_taffy/tools/export.py,sha256=9zBBGhZK95b4ZiLJ8XK30GPsaBjgR84Sk1HoPIxRpTI,2844
 traffic_taffy/tools/graph.py,sha256=KiKDY9R8JLT5-JouANoi_1WGcdFMhXsLnYlhPsFRWpM,2316
-traffic_taffy-0.9.3.dist-info/METADATA,sha256=G_or2oWTR_IcAq8WvyhloYLjDc9i8ySjOQ9U2Y9LKvc,2241
-traffic_taffy-0.9.3.dist-info/WHEEL,sha256=TJPnKdtrSue7xZ_AVGkp9YXcvDrobsjBds1du3Nx6dc,87
-traffic_taffy-0.9.3.dist-info/entry_points.txt,sha256=F0lqjvw94nQ3hY4eerN7faT9aKhhGUHbqBhuEr9q1r8,361
-traffic_taffy-0.9.3.dist-info/licenses/LICENSE.txt,sha256=hiV1DJgDQeSM1r7P-ez5oxily11S5nsCedU0jKzKKzo,11338
-traffic_taffy-0.9.3.dist-info/RECORD,,
+traffic_taffy-0.9.5.dist-info/METADATA,sha256=OqsDUw_g2NHB5jXHmcrq5dCSjPrQAXujOnVi5GZhb7U,2241
+traffic_taffy-0.9.5.dist-info/WHEEL,sha256=TJPnKdtrSue7xZ_AVGkp9YXcvDrobsjBds1du3Nx6dc,87
+traffic_taffy-0.9.5.dist-info/entry_points.txt,sha256=F0lqjvw94nQ3hY4eerN7faT9aKhhGUHbqBhuEr9q1r8,361
+traffic_taffy-0.9.5.dist-info/licenses/LICENSE.txt,sha256=hiV1DJgDQeSM1r7P-ez5oxily11S5nsCedU0jKzKKzo,11338
+traffic_taffy-0.9.5.dist-info/RECORD,,